-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> I have a trigger which inserts a row into a table (table A) based on
> what a user inserts into a different table (table B). To allow this,
> the user needs insert permission for table A in order for the trigger
> to run. Is there a way I can restrict this so the user only has
> permission to insert via the trigger and not manually? I can't trust
> my users to insert correct values into table A by themselves but I
> need them to be able to run the trigger.
Create another user which has insert permissions on table B. Have this
user create a (trigger) function that inserts into table B, and make
sure the function is marked as EXTERNAL SECURITY DEFINER. Set this function
as a trigger on table A, and your users should only be able to insert into
table B through the trigger.
- --
Greg Sabino Mullane greg@turnstep.com
PGP Key: 0x14964AC8 200303261036
-----BEGIN PGP SIGNATURE-----
Comment: http://www.turnstep.com/pgp.html
iD8DBQE+gcq7vJuQZxSWSsgRAiqgAKCeA9f6mCKFw8M3itKty3q9LjmocQCgqzOt
hPJTbbCOTqbe61Kip8esmWA=
=8eCk
-----END PGP SIGNATURE-----